CVE-2026-22773.yaml
info:
  name: vllm
  cve: CVE-2026-22773
  summary: vLLM is vulnerable to Denial of Service in Idefics3 vision models via an image payload with ambiguous dimensions.
  details: |
    The vulnerability allows an attacker to crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation. This is achieved by sending a specially crafted 1x1 pixel image, which causes a tensor dimension mismatch and an unhandled runtime error, leading to complete server termination. The issue arises from the image processor incorrectly interpreting the image format (HWC vs. CHW), leading to an incorrect calculation of image patches and a fatal tensor split operation failure.
  cvss: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  severity: HIGH
  security_advise: |
    1. Upgrade vLLM to version 0.12.0 or later.
    2. Implement input validation for image dimensions to prevent processing of images smaller than a defined minimum size.
    3. Implement robust exception handling around image processing functions to catch and manage `RuntimeError` exceptions, preventing server crashes.
rule: version > "0.6.4" && version < "0.12.0"
references:
  - https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr
  - https://nvd.nist.gov/vuln/detail/CVE-2026-22773
  - https://github.com/vllm-project/vllm/pull/29881
  - https://github.com/vllm-project/vllm/commit/0ec84221718d920c3f46da879cc354f94b8fb59e
  - https://github.com/vllm-project/vllm